How MorphCast® technology protects privacy
Private data protection and preserving people’s rights under GDPR legislation are at the heart of our technology.
MorphCast® is a media format capable of adapting in real-time to the viewer’s interaction. It needs to access the PC webcam or smartphone camera in order to analyze the viewer and detect traits and attributes like gender, age, emotions and other “appearance” features that can drive the media playback or the web page in term of content, effects and layout. We do not process any biometric data to allow identification of individuals.
MorphCast® is a JS/HTML5 media player or SDK, which runs inside every HTML5 compliant browser. It does not require any specific plugin or app to be installed by the viewer.
MorphCast® algorithms take frames from the camera stream and produce anonymous ‘traits and attributes’ used to drive the video or web page playback.
For example, ‘traits and attributes’ could be Male, Happy, 18-25. This kind of output cannot be linked to the viewer as this information is not connected to the source frame. It is not permanently stored and is instantaneously processed only in the frame-time it has been detected.
Our process for analysing image frames from the camera is as follows:
- A frame is taken from the camera stream memory and placed into a data structure in the Random Access Memory (RAM) allocated by the browser for the tab where the MorphCast® is viewed. This kind of memory is volatile (where stored information is lost if power is removed).
- A set of computer vision and AI algorithms will process and transform the frame data into numbers representing anonymous traits such as emotions, age, gender and probability distributions. The algorithms can evaluate other similar attributes like for example wearing glasses or have a beard.
- This set of data is then aggregated and used for taking decisions about content, layout and effects for the benefit of the MorphCast® video playback or web page playback, driven by MorphCast® SDK.
- Immediately, a new frame is taken from the camera overwriting the previous frame in the RAM memory allocated.
- At the end of the entire process, no one frame remains in the RAM. Equally, no frame data remains when the browser or browser tab are closed and when the device is turned off by the user.
The average permanence time that the camera frame is in the volatile memory (RAM), steps 1-4, is less than 500 milliseconds (our algorithms will scale depending on the target device hardware, on most modern devices and PCs is less than 200ms).
MorphCast® runs inside a browser tab and browser security protects the personal data we instantaneously process. All modern browsers, such as Chrome, Edge, Safari, Firefox, consider tabs as isolated “sandboxes” to enhance the security for the user by blocking all access to the sandbox from the external world. Moreover, any bugs are quickly found and fixed by experienced teams.
MorphCast® leverages the security provided by each browser by:
- Running in a tab of the host domain, if directly embedded in a web page. The tab, being a sandbox, is isolated from the other tabs with security being provided by the browser itself. The whole resources allocated for the execution of the JS player are not accessible from other tabs nor other apps running in the OS.
- Playing in a separate iFrame as an iFrame has all the advantages of the tab sandboxing with an added layer of protection as iFrames are sandboxes of their own incapable of communicating with the web page that embeds them.
- The camera stream is completely handled by the browser until a frame is directly requested from MorphCast® library through the appropriate browser API. As such, the camera stream is protected by the browser itself. And the access authorization at the camera is driven exclusively by the browser without any possibility to interfere with it.
MorphCast® JS Library Security protects all personal data we process. MorphCast® is a JS/HTML5 player and/or SDK. This means that the full source code (JS files) are downloaded on the client browser tab and executed locally.
Threats external to the tab where the player is running are managed by the browser itself. Despite this there is one possible attack that can be made inside the tab by malicious websites that directly embeds our JS library, and run inside the same sandbox, accessing the same memory of our library and potentially, reading the current camera frame. To prevent this type of attack, all our JS code is minified and obfuscated by Webpack, meaning that the variable names and functions are changed to random alphanumeric values. This makes it near impossible for an attacker to understand what the library is doing, and to track where in the memory the facial data is processed.
A further security practice that we adopt consists of authorizing the MorphCast® library with cryptographic systems that allow it to run exclusively on a specific domain. So, for example, the libraries that allow MorphCast® to work on a web page distributed by the “aol.com” domain, authorized by us, do not work in the “yahoo.com” domain, which is not authorized by us. This makes it disproportionately hard for an attacker to turn around this security barrier as the browsers primary rule is to not permit a domain to interfere with other domains and also for the DNS (Domain Name Server) to substitute itself to a certain domain and reach the Browser of the user.
Any risks are those that derive from the persistent threats within the device’s technological chain (smartphone-camera) and are independent of the MorphCast® software. MorphCast® does everything possible to mitigate risk with minimal amount of processing of personal data, which is near instantaneously deleted, remaining anonymous and secure.